Stories by Lucian Constantin

Vulnerability exposes some Cisco home wireless devices to hacking

Nine of Cisco's home and small office cable modems with router and wireless access point functionality need software updates to fix a critical vulnerability that could allow remote attackers to completely compromise them.

SSL Blacklist project exposes certificates used by malware

Botnet tracking outfit Abuse.ch has launched a project to list SSL (Secure Sockets Layer) certificates used by some malware programs to hide their communications.

Overreliance on the NSA led to weak crypto standard, NIST advisers find

The National Institute of Standards and Technology needs to hire more cryptographers and improve its collaboration with the industry and academia, reducing its reliance on the U.S. National Security Agency for decisions around cryptographic standards.

New banking malware 'Kronos' advertised on underground forums

A new Trojan program designed to steal log-in credentials and other financial information from online banking websites is being advertised to cybercriminal groups on the underground market.

Future Java 7 security patches will work on Windows XP despite end of official support

Oracle has dispelled rumors that the upcoming security update for Java 7 and those it will release in the future might not work on Windows XP.

Microsoft revokes trust in certificate authority operated by the Indian government

Microsoft updated the Certificate Trust List in Windows to revoke trust for a certificate authority operated by the Indian government after it improperly issued at least 45 SSL certificates for domains owned by Google and Yahoo.

The Gameover Trojan program is back, with some modifications

Cybercriminals are trying to create a new botnet based on what is likely a modification of Gameover Zeus, a sophisticated Trojan program whose command-and-control infrastructure was taken over by law enforcement agencies at the beginning of June.

Malware hidden in Chinese inventory scanners targeted logistics, shipping firms

Financial and business information was stolen from several shipping and logistics firms by sophisticated malware hiding in inventory scanners manufactured by a Chinese company.

International law enforcement operation disrupts Shylock banking malware

Police from eight countries together with several private security companies disrupted the online infrastructure used by cybercriminals to control computers infected with a malware program called Shylock.

Digital certificate breach at Indian authority also targeted Yahoo domains, possibly others

The scope of a recent security breach at a digital certificate authority (CA) controlled by the Indian government is bigger than initially thought and also targeted domain names owned by Yahoo, in addition to several owned by Google.

Botnet brute-forces remote access to point-of-sale systems

Thousands of compromised computers are actively trying to break into point-of-sale (POS) systems using brute-force techniques to guess remote administration credentials.

Vulnerability in AVG security toolbar puts IE users at risk

Implementation issues with AVG Secure Search, a browser toolbar from antivirus vendor AVG Technologies that's supposed to protect users from malicious websites, could have allowed remote attackers to execute malicious code on computers.

Android bug lets apps make rogue phone calls

A vulnerability present in most Android devices allows apps to initiate unauthorized phone calls, disrupt ongoing calls and execute special codes that can trigger other rogue actions.

Attack on Dailymotion redirected visitors to exploits

Attackers injected malicious code into Dailymotion.com, a popular video sharing website, and redirected visitors to Web-based exploits that installed malware.

Ruby on Rails gets patches for SQL injection vulnerabilities

Two SQL injection vulnerabilities were patched in Ruby on Rails, a popular open-source Web development framework used by some high-profile websites.